Secret information such as user credentials, biometric data, personal data, security settings data, and so forth increasingly needs to be stored securely to prevent unintended disclosure due to loss or theft of the device storing the information, e.g., a thumb drive, smartphone, tablet computer, laptop computer, smartcard, entertainment device, smart appliance, etc. Data stored so that it resists attackers who have physical access to the device has typically been protected by a password or passcode that is fed into a key derivation function to produce a symmetric encryption key, which is then used to encrypt the secret information. For example, this technique is used for full disk encryption, for key storage on a smartcard, and by password managers and key migration containers.
However, users are generally expected to remember multiple passwords or passcodes and to keep straight which password goes with which encrypted storage object or resource. Studies show that users reach cognitive overload quickly, which effectively limits the number of encrypted storage resources they can manage. Further, a centralized solution may not satisfy user needs because it may require the user to identify a single entity that interoperates with every other service, application, or device that may use encrypted storage.